Threat Feed

Vendor

N8n GmbH

6 briefs
high advisory

n8n Source Control Pull SQL Injection Vulnerability (CVE-2026-44792)

A SQL injection vulnerability (CVE-2026-44792) exists in n8n when using PostgreSQL and the Source Control feature, allowing an attacker with write access to the connected Git repository to inject malicious SQL via a crafted column name in a Data Table JSON file during a Source Control Pull.

n8n sql-injection cve-2026-44792 source-control
2r 1t
high advisory

n8n Cross-User Authorization Bypass in Dynamic Credential OAuth Endpoints (CVE-2026-45732)

CVE-2026-45732 describes a high-severity authorization bypass vulnerability in n8n's OAuth1 and OAuth2 credential reconnect endpoints, where insufficient permission checks allow a user with read-only access to overwrite OAuth tokens, potentially leading to data exfiltration and persistent takeover of shared integrations.

n8n +2 authorization-bypass oauth credential-theft
2r 2t
critical advisory

n8n HTTP Request Node Prototype Pollution Vulnerability Leads to RCE (CVE-2026-44789)

An authenticated user with workflow creation/modification permissions in n8n can achieve remote code execution (RCE) via global prototype pollution in the HTTP Request node due to an unvalidated pagination parameter, as tracked by CVE-2026-44789.

n8n prototype-pollution rce cve-2026-44789
2r 2t
critical advisory

n8n Arbitrary File Read via Git Node (CVE-2026-44790)

An authenticated user with workflow creation or modification permissions can inject CLI flags into the Git node's Push operation, leading to arbitrary file read on the n8n server; patched in versions 1.123.43, 2.20.7, and 2.22.1, and tracked as CVE-2026-44790.

n8n +2 arbitrary file read git node CVE-2026-44790
2r 1t
critical advisory

n8n XML Node Prototype Pollution Patch Bypass Leads to RCE

An authenticated n8n user with workflow creation privileges can bypass a previous patch for XML node prototype pollution, potentially leading to remote code execution on the n8n host when combined with other nodes; patched in versions 1.123.43, 2.20.7, and 2.22.1.

n8n +2 prototype pollution RCE CVE-2026-44791
2r 1t
high advisory

n8n Patches Multiple Vulnerabilities Across Products

On May 13, 2026, n8n released security advisories addressing vulnerabilities in several products, including prototype pollution and OAuth endpoint issues.

n8n +4 vulnerability patch
2r